Skip to main content
Home Documentation Community

Trusted Networks

Andrew Reddie

0 comments
This article explains how to manage and configure the Trusted Network.
When you define a Trusted Network, the Timus Connect Application is going to disconnect from the gateway automatically once any Trusted Networks have been detected. Once you switch to other Networks, which are not trusted, the Timus Connect is going to reconnect to the gateway automatically.
  • You can go to the Timus Manager -> Settings -> Configuration -> Trusted Network.
  • Once you click on Create New, you will be able to see the configuration page of the Trusted Network.
  • You can select the Network Type either Wired or Wireless.
  • Once you select the Network Type as Wired, you need to set the Source MAC address.
  • When you select the Network Type as Wireless, you need to set the BSSID.
  • To be able to find the MAC addresses, you can use the scripts on both Windows or macOS.

Windows (The script must be run over PowerShell as administrator):

$string = (Get-NetAdapter | Select-Object InterfaceDescription, MediaType, ifIndex, Status | Where-Object { $_.Status -eq "Up" }| Sort-Object -Property ifIndex | Select -First 1).MediaType
if ($string -like "*.11*") { 
$bssidOutput = netsh wlan show interfaces | Select-String "BSSID"
if ($bssidOutput.Count -gt 0){
$address=[regex]::Match($bssidOutput, '([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}').Value
Write-Host("wireless",$address)
}else{
Write-Host("Error","Interface details not found for Wifi adaptor.")
}
}else{
$gateways = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled -eq $true } | Select-Object -ExpandProperty DefaultIPGateway)
$arpOutput = 0
if ($gateways.Count -eq 1) {
$arpOutput = arp -a | Select-String -Pattern "^\s*$gateways\s+([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"
} elseif ($gateways.Count -gt 1) {
$gateway=$gateways[0]
$arpOutput = arp -a | Select-String -Pattern "^\s*$gateway\s+([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"
}
else {
Write-Host("Error","Gateways not found")
}
if ($arpOutput -ne 0){
if ($arpOutput.Count -eq 1) {
$address=[regex]::Match($arpOutput[0].ToString().Trim(), '([0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2}').Value
Write-Host("wired",$address)
} elseif($arpOutput.Count -gt 1) {
$address=[regex]::Match($arpOutput[1].ToString().Trim(), '([0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2}').Value
Write-Host("wired",$address)
} else {
Write-Host("Error","ARP details not found for the gateway.")
}
}
}

macOS (the script must be run over Terminal):

interface=$(networksetup -listnetworkserviceorder | awk -F': ' '/Device: / {gsub(/[ )]/, "", $3); if(length($3) > 0) print $3}' 
| while read -r line; do interface_status=$(ifconfig "$line" 2>/dev/null | grep status | awk '{print $2}'); if [[ "$interface_status" == "active" ]]; then echo "$line"; break; fi; done)
summary=$(ipconfig getsummary "$interface")
if echo "$summary" | grep -q "BSSID"; then
echo "wireless" $(sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk '/BSSID/{print $2}')
else
default_gateway=$(route -n get default | awk '/gateway:/{print $2}')
echo "wired" $(arp -a | grep "$default_gateway" | awk '{print $4}' | head -n 1)
fi
  • on macOS devices, sometimes, the script above may not work as expected and the result may be empty, this can be about EPP or AV. Therefore, you may consider using 2 different alternative scripts, which must be run over Terminal as well, below:

 

interface=$(networksetup -listnetworkserviceorder | awk -F': ' '/Device: / {gsub(/[ )]/, "", $3); if(length($3) > 0) print $3}' | while read -r line; do interface_status=$(ifconfig "$line" 2>/dev/null | grep status | awk '{print $2}'); if [[ "$interface_status" == "active" ]]; then echo "$line"; break; fi; done)
summary=$(ipconfig getsummary "$interface")
if echo "$summary" | grep -q "BSSID"; then
echo "wireless" $(sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk '/BSSID/{print $2}')
else
default_gateway=$(route -n get default | awk '/gateway:/{print $2}')
echo "wired" $(arp -a | grep "$default_gateway" | awk '{print $4}' | head -n 1)
fi

 

interface=$(networksetup -listnetworkserviceorder | awk -F': ' '/Device: / {gsub(/[ )]/, "", $3); if(length($3) > 0) print $3}' | while read -r line; do interface_status=$(ifconfig "$line" 2>/dev/null | grep status | awk '{print $2}'); if [[ "$interface_status" == "active" ]]; then echo "$line"; break; fi; done)
summary=$(ipconfig getsummary "$interface")
if echo "$summary" | grep -q "BSSID"; then
echo "wireless" $(sudo ioreg -l -n AirPortDriver | grep -o 'IO80211BSSID.*<[0-9a-fA-F]*>' | awk -F '<|>' '{print $2}' | fold -w2 | paste -sd: -)
else
default_gateway=$(route -n get default | awk '/gateway:/{print $2}')
echo "wired" $(arp -a | grep "$default_gateway" | awk '{print $4}' | head -n 1)
fi

  • Once you run one of the scripts above you will find the MAC address, which you need,

  • You need to enter it to the related field on the Trusted Network. Then, hit the Save button. enter the MAC address to the related field on the Trusted Network. Then, hit the Save button.

  • As a final step, You need to enable the Trusted Network feature on the Agent Profiles as shown in the image below and click Confirm. Please note that this feature can be enabled on both Windows and macOS.

     
  • If you created a new agent profile, It's important to note that when a new agent profile is created, the agent profile needs to be manually reordered and applied (dragged and dropped) in the hierarchy to ensure the new agent profile is applied.

Note: As part of the recent changes in macOS Sonoma, Apple has restricted access to the BSSID necessary for defining Wireless Trusted Networks. The Sonoma update now requires Location Services to be enabled to access BSSID information. This change has impacted how Trusted Networks are managed on macOS devices.

Consequently, for macOS Sonoma and later versions, the Trusted Network feature in Timus Connect will now utilize the SSID instead of BSSID. This change ensures compliance with Apple's updated privacy and security guidelines.

We recommend all macOS users and administrators to update their settings to use SSID for defining Trusted Networks. Although it is technically possible to enable Location Services to access BSSID, we are currently evaluating the potential legal and privacy implications of requesting such permissions.

For more details on how Apple's changes affect network management, please refer to discussions in the Apple Developer Forums, where even Apple engineers have acknowledged these changes.

You can find more details here: Apple Developer Forums.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Related articles

0 comments

Please sign in to leave a comment.